Saturday, January 03, 2015

What Do They Teach in a Hacking Class?

Non-Computer Science laymen always seem shocked to hear that undergraduate courses are offered in hacking. Why? It's really just a sexy way to market a course in cybersecurity. Or so we tell everyone. If you've ever been curious as to what they teach in a hacking class, here's a general outline (since I'm prepping for next semester anyway):

Penetration Testing

The instructor typically sets up a "hacking lab" where one machine or small network is configured with different types of security solutions installed. The objective for the semester is for students to hack the instructor's machine and setup. These days, security testing in the classroom is easily accomplished using BackTrack Linux and Kali Linux.

Reconnaissance

The idea is to gather as much information about a target as possible to increase your chances of success later. This is done through a combination of Google directives, the theHarvester Python script, the WhoIs database, NetCraft, Fierce, MetaGooFil, the ThreatAgent Drone, and other tools. The goal by the end of the Reconnaissance stage is to have a list of IP addresses that belong to the target.

Scanning

Once we have a list of IP addresses, the next step is to map those addresses to open ports and services. Students need to determine whether a system is alive with ping packets, port scan it with Nmap, use the Nmap Scripting Engine (NSE) to gather further information about the target, and scan the system for vulnerabilities with Nessus.
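Since the closing point of this post is that the defender's job is to keep these methods from working, here is an added example (not code from the original post) showing what the Scanning stage looks like from the other side: a small Python detector that reads constructed iptables-style firewall log lines (format assumed for this example) and flags any source that touches many distinct ports on one host within a short window, the footprint a port scan leaves behind.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# iptables-style firewall log line (assumed format for this example)
LOG_RE = re.compile(r"^(\S+) \S+ SRC=(\S+) DST=(\S+) PROTO=\S+ DPT=(\d+)")

# Constructed sample, not real traffic: 10.0.0.5 probes eight ports in four
# seconds (the port-scan pattern); 10.0.0.9 only ever talks to port 443.
SAMPLE_LOGS = """\
2015-01-03T10:00:01 DROP SRC=10.0.0.5 DST=192.168.1.10 PROTO=TCP DPT=21
2015-01-03T10:00:01 DROP SRC=10.0.0.5 DST=192.168.1.10 PROTO=TCP DPT=22
2015-01-03T10:00:02 DROP SRC=10.0.0.5 DST=192.168.1.10 PROTO=TCP DPT=23
2015-01-03T10:00:02 DROP SRC=10.0.0.5 DST=192.168.1.10 PROTO=TCP DPT=25
2015-01-03T10:00:02 ACCEPT SRC=10.0.0.9 DST=192.168.1.10 PROTO=TCP DPT=443
2015-01-03T10:00:03 ACCEPT SRC=10.0.0.5 DST=192.168.1.10 PROTO=TCP DPT=80
2015-01-03T10:00:03 DROP SRC=10.0.0.5 DST=192.168.1.10 PROTO=TCP DPT=110
2015-01-03T10:00:04 DROP SRC=10.0.0.5 DST=192.168.1.10 PROTO=TCP DPT=139
2015-01-03T10:00:04 ACCEPT SRC=10.0.0.5 DST=192.168.1.10 PROTO=TCP DPT=443
2015-01-03T10:00:05 ACCEPT SRC=10.0.0.9 DST=192.168.1.10 PROTO=TCP DPT=443
2015-01-03T10:00:09 ACCEPT SRC=10.0.0.9 DST=192.168.1.10 PROTO=TCP DPT=443
"""

def detect_port_scans(log_text, threshold=5, window=timedelta(seconds=10)):
    """Return {(src, dst): ports} for pairs hitting >= threshold distinct ports inside any window."""
    events = defaultdict(list)  # (src, dst) -> [(timestamp, port), ...]
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # ignore lines that are not in the expected format
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S")
        events[(m.group(2), m.group(3))].append((ts, int(m.group(4))))
    flagged = defaultdict(set)
    for pair, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            # slide the left edge so evs[start:end+1] spans at most `window`
            while evs[end][0] - evs[start][0] > window:
                start += 1
            ports = {port for _, port in evs[start:end + 1]}
            if len(ports) >= threshold:
                flagged[pair] |= ports
    return {pair: sorted(ports) for pair, ports in flagged.items()}

if __name__ == "__main__":
    for (src, dst), ports in detect_port_scans(SAMPLE_LOGS).items():
        print(f"possible port scan: {src} -> {dst}, ports {ports}")
```

The threshold and window are the knobs a slow scanner tries to stay under, so a real deployment would tune them against the host's normal traffic rather than use these constants.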

Exploitation

This is the process of actually gaining control over a system. Students explore online password cracking tools like Medusa and Hydra, and learn how to use tools like the full Metasploit framework, Wireshark, Macof, and Armitage. This is really the stage most people think of when they think of computer hacking, but the point to stress to students is that only by engaging in the first two preliminary steps will you get the most out of Exploitation.

Social Engineering

Making your attack vectors believable. After all, the best hacks are those which go undetected. Use of the social-engineer toolkit (SET), website-attack vectors, credential harvesters, and more are explored.

Web-based Exploitation

For when websites themselves (not only local networks connected to the Internet) are the target. This stage includes intercepting requests as they leave the browser, discovering all files and directories that make up the target web application, and analyzing responses from the web application to find vulnerabilities. Frameworks to use include W3af, the Burp Suite, the Zed Attack Proxy (ZAP), Websecurify, Paros, and other role-specific tools.

Post-Exploitation: Maintaining Access

Using backdoors, rootkits and Meterpreter sessions that allow the attacker to return at will. Tools include Netcat and Cryptcat, along with a comprehensive explanation of how rootkits operate.

Still find this interesting or did these details deflate your excitement about learning "how to hack"? Remember, the real challenge for us non-criminal types is to prevent these tools and methods from working. It is an arms race, and we're in it to win it.